Hey CBs: You Can Market Consulting & Certification If You Have a Footer

You know how this goes, but let’s suit up and do this thing anyway. At this point, you as an Oxebridge reader have as much obligation as I do as an Oxebridge writer.

I got an email from an NSF sales dude — whose name I won’t mention because I liked the guy back when he worked for QMI — which set off all the alarm bells. Now, first understand that this was a spam message, and a pretty bad one at that. It was addressed “Dear Food Safety Consultant,” of which I am certainly not, since food production is one area I stay far away from. Not to mention I’m not a “safety” consultant for any industry. So NSF bought a bad spam list from some scammers, and then pumped out these unsolicited emails with zero concern for the CAN-SPAM Act.

Next, they put the words “confidential” on the spam email, because — as we will see — NSF doesn’t understand how words work. You can’t mass-email spam emails without even the name of the person you’re targeting and then claim they are “confidential” afterward, and if NSF gets pissed that I’m about to publish their email, they can see me in court.

The email included this big, flashing, neon-red flag:

See how the email clearly states it is presenting “some of the services” it offers in the “food certification” industry. The bottom line (in larger, colored font for some reason — they did that, not me), then lists those services as “training, consulting, & certification.”

So this is in no way ambiguous. The email is clearly selling all three, and they put the words in a list with the “&” sign right there. No person with any functioning thought center can see this as being anything other than the three services being marketed together.

The email then included this attached graphic, called the “NSF Wheel of Services,” which I’ve marked up. The red circles indicate training or consulting services, and the yellow circles indicate certification services:

Notice that on the bottom left, under “Management Systems,” you see both colored circles because they openly market management system “assessment” alongside “training.” So those two are right next to each other, but many of the other circles can still apply to NSF’s management system certification clients anyway, like the generic “Food Consulting” offering.

There’s no attempt at all to try and separate these. The text of the email, as well as the attached graphic, are all intended to simultaneously sell both certification and, then, training & consulting. And keep in mind, this is a single email sent to a single set of recipients; it wasn’t like they sent separate emails, one for certification and one for consulting. It was all intended to be read as a single set of offerings.

What does NSF’s accreditation standard have to say about this? Remember, NSF is accredited to ISO 17021-1, and that standard says:

5.2.9 The certification body’s activities shall not be marketed or offered as linked with the activities of an organization that provides management system consultancy.

So, obviously, we have a problem. If ISO 17021-1 says that NSF cannot sell certification while it is “marketed as linked” to consulting, the email would appear to openly violate that. No, it doesn’t “appear to” violated it, it just full-on does. Let’s not kid ourselves.

Alright, so let’s go further. What does the NSF website say about all this? Well, again, the services are marketing right on top of each other:

Clicking into the “Consulting” page, we see this:

The language says — twice — that NSF’s consulting services will be “customized” to the specific client’s “needs.” Meanwhile, here is what ISO 17021-1 says about that. The standard allows CBs like NSF to offer “generic” training, but prohibits them from “client-specific solutions.”

Arranging training and participating as a trainer is not considered consultancy, provided that, where the course relates to management systems or auditing, it is confined to the provision of generic information; i.e. the trainer should not provide client-specific solutions.

Meanwhile, jumping over to the NSF “Training” page, we see this:Notice how it says the NSF training provides the “necessary” framework. Any reading of the word “necessary” will result in the same conclusion: NSF is indicating the training is somehow “necessary” or required for the “implementation of effective food safety and quality systems.”

But what does ISO 17021-1 say about that? Read on, MacDuff:

A certification body shall not state or imply that certification would be simpler, easier, faster or less expensive if a specified consultancy organization were used.

Now, I suppose we can argue over whether suggesting taking a course is “necessary” equates to them saying the training is “simpler” or “easier,” but I think we’d have a hard time arguing otherwise. To me, it’s overt. Clearly, something would be “simpler” or “easier” if I take the mandatory training, as opposed to if I did not.

So here we have an official NSF spam mail, sent to God knows how many victims, which clearly “links” certification to consulting and training, doing so with a literal ampersand. Then, we have an attached graphic that puts them all in the same image, and (in one case) in the same sentence. Moving on, we have the NSF website, which not only sells all three services together, but the individual pages for the consulting and training services appear to further violate the conflict of interest rules.

So how does NSF get away with it? How does NSF’s accreditation body, ANAB, allow all of this?

A footer!

You see, at the bottom of each page on the NSF website, right above where they literally link consulting and training to certification, they let you know that they totally don’t do that, despite what your eyes are telling you:

But let’s be pedantic and read the literal words they wrote:

Use of NSF consulting services or attending NSF training sessions does not provide an advantage, nor is it linked in any way to the granting of certification.

So they claim these things are not “linked,” but specifically not linked to the “granting of certification.” Is that good enough?

Hell, no! 

You see, ISO 17021-1 is only partly about the granting of certification. In fact, “granting” certification comprises only three sentences in the entire standard. The rest is about all the surrounding CB activities, like what they do beforehand — in order to grant certification — and what they do afterward. All of those things are subject to possible corruption by conflicts of interest, and ISO 17021-1 doesn’t limit its prohibition only to the “granting” of certification. According to a strict reading of NSF’s footer, they can consult all day long while they prepare you for the audit, process your application, schedule audits, perform the audits, and even write the audit report. Only at the end, when they “grant” the certification, will they engage their conflict of interest controls.

Obviously, that’s not what it means, and why I know that NSF will not take me to court for republishing their bullshit spam letter despite the “confidential” claim. They want the dozey buggers at ANAB to look at that footer and shrug, but they sure as heck don’t want a jury to look at it. For the first time, NSF might actually face consequences.

This is nothing less than gaslighting. NSF is doing a thing over and over, overtly, in full view, and in writing, and then telling you — in a single tiny sentence placed at the bottom of the site, where no one will read it — that they are not doing that thing. You are supposed to suddenly throw out everything your eyes and brain have told you, all because some non-lawyer wrote some words contradicting every bit of sensory information you were otherwise getting.

What did the NSF sales rep say when I confronted him? More gaslighting:

We have clear division and resource distinctions between our Consulting/Training and Certification Services.

I am supposed to believe that somehow NSF has divided its “resources” even though those “resources” include its entire marketing operation and website, which clearly are not divided. I know this because they all appear on the same website, which I can see with my own eyes.

Will I file a complaint on this? Of course not, it’s pointless. ANAB knows full well that NSF clients are buying training and consulting, that the NSF trainers are telling ISO 9001 and other management system certification clients literally what to do in order to pass an audit, and that NSF auditors consult during audits. It’s not just NSF, all the CBs do this. ANAB not only knows this, they allow it.

And I’m not even getting into the fact that NSF sells some kind of QMS software, called TraQtion, which probably violates ISO 17021-1 even further, by providing NSF certification clients tools that the NSF auditors will later review during audits. We’ve beat that horse to death with BSI’s “Entropy” software, and the accreditation bodies like ANAB refused to take action.

And I won’t mention the weirdness of the fact that NSF claims its TraQtion software runs on an “ISO 27001 compliant” platform — which you’d hope an ISO certification body would understand makes no sense, since a software “platform” is not a management system — nor that NSF received its own ISO 27001 certification from a competing CB, A-Lign. Do incest much, do ya?

So, no … no surprises.

Except for the blatant attempts to gaslight everyone with some lame footer that says what we just read is not what we just read.

To that end, let me add a footer of my own, to see how well it goes down over at the Ann Arbor HQ:

The above report does not link NSF certification services to conflicts of interest, nor does it totally prove violations of ISO 17021-1 ny NSR, nor does it highlight ANAB’s complete abdication of responsibility in ensuring such things don’t happen. Totally not.